hosts file


Post by bunchafool » April 19th, 2010, 9:59 am

Won't let me save after deleting bad lines using Notepad.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:00 AM, on 4/19/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 93.186.119.129 www.google.com
O1 - Hosts: 93.186.119.129 google.com
O1 - Hosts: 93.186.119.129 google.com.au
O1 - Hosts: 93.186.119.129 www.google.com.au
O1 - Hosts: 93.186.119.129 google.be
O1 - Hosts: 93.186.119.129 www.google.be
O1 - Hosts: 93.186.119.129 google.com.br
O1 - Hosts: 93.186.119.129 www.google.com.br
O1 - Hosts: 93.186.119.129 google.ca
O1 - Hosts: 93.186.119.129 www.google.ca
O1 - Hosts: 93.186.119.129 google.ch
O1 - Hosts: 93.186.119.129 www.google.ch
O1 - Hosts: 93.186.119.129 google.de
O1 - Hosts: 93.186.119.129 www.google.de
O1 - Hosts: 93.186.119.129 google.dk
O1 - Hosts: 93.186.119.129 www.google.dk
O1 - Hosts: 93.186.119.129 google.fr
O1 - Hosts: 93.186.119.129 www.google.fr
O1 - Hosts: 93.186.119.129 google.ie
O1 - Hosts: 93.186.119.129 www.google.ie
O1 - Hosts: 93.186.119.129 google.it
O1 - Hosts: 93.186.119.129 www.google.it
O1 - Hosts: 93.186.119.129 google.co.jp
O1 - Hosts: 93.186.119.129 www.google.co.jp
O1 - Hosts: 93.186.119.129 google.nl
O1 - Hosts: 93.186.119.129 www.google.nl
O1 - Hosts: 93.186.119.129 google.no
O1 - Hosts: 93.186.119.129 www.google.no
O1 - Hosts: 93.186.119.129 google.co.nz
O1 - Hosts: 93.186.119.129 www.google.co.nz
O1 - Hosts: 93.186.119.129 google.pl
O1 - Hosts: 93.186.119.129 www.google.pl
O1 - Hosts: 93.186.119.129 google.se
O1 - Hosts: 93.186.119.129 www.google.se
O1 - Hosts: 93.186.119.129 google.co.uk
O1 - Hosts: 93.186.119.129 www.google.co.uk
O1 - Hosts: 93.186.119.129 google.co.za
O1 - Hosts: 93.186.119.129 www.google.co.za
O1 - Hosts: 93.186.119.129 www.google-analytics.com
O1 - Hosts: 93.186.119.129 www.bing.com
O1 - Hosts: 93.186.119.129 search.yahoo.com
O1 - Hosts: 93.186.119.129 www.search.yahoo.com
O1 - Hosts: 93.186.119.129 uk.search.yahoo.com
O1 - Hosts: 93.186.119.129 ca.search.yahoo.com
O1 - Hosts: 93.186.119.129 de.search.yahoo.com
O1 - Hosts: 93.186.119.129 fr.search.yahoo.com
O1 - Hosts: 93.186.119.129 au.search.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: &Security Update - {6551001F-A07B-40B1-8F55-B44BF35A42A6} - C:\WINDOWS\system32\win32extension.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8120 bytes
bunchafool
Active Member
 
Posts: 5
Joined: April 19th, 2010, 9:45 am

Re: hosts file

Post by MWR 3 day Mod » April 23rd, 2010, 1:58 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: hosts file

Post by muppy03 » April 24th, 2010, 11:08 pm

Hello and welcome to Malware Removal Forums

IMPORTANT

Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:-
  • Continue to respond to this thread until I give you the All Clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.

WGA Diagnostic Tool

Please follow this WGA troubleshooting procedure:

Please post (reply) with the results.

NEXT Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please reply with:-
  • WGA Report
  • RSIT logs (info.txt and log.txt)
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: hosts file

Post by bunchafool » April 25th, 2010, 7:46 am

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Validation Control not Installed
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-Y8MFP-9BJ8F-DB6MQ
Windows Product Key Hash: SClRx7wJIhz5GWH3sXvyqzuhfPg=
Windows Product ID: 55274-640-1164531-23696
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.2.0.pro
ID: {C368BB17-2E00-4462-A57C-6CEE1A1FF1C3}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 108 Invalid VLK
Microsoft Office Enterprise 2007 - 108 Invalid VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{C368BB17-2E00-4462-A57C-6CEE1A1FF1C3}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-DB6MQ</PKey><PID>55274-640-1164531-23696</PID><PIDType>1</PIDType><SID>S-1-5-21-343818398-2111687655-839522115</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>MM061 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A05</Version><SMBIOSVersion major="2" minor="4"/><Date>20060511000000.000000+000</Date></BIOS><HWID>A80431CF0184606E</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>108</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>108</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>64BC76978749586</Val><Hash>GW6PzcEVEDTVKeO5Ym5UUm41dBk=</Hash><Pid>89388-707-0441865-65279</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="108"/><App Id="16" Version="12" Result="108"/><App Id="18" Version="12" Result="108"/><App Id="19" Version="12" Result="108"/><App Id="1A" Version="12" Result="108"/><App Id="1B" Version="12" Result="108"/><App Id="44" Version="12" Result="108"/><App Id="A1" Version="12" Result="108"/><App Id="BA" Version="12" Result="108"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 4000:Dell Inc|4000:Microsoft Corporation
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
bunchafool
Active Member
 
Posts: 5
Joined: April 19th, 2010, 9:45 am

Re: hosts file

Post by bunchafool » April 25th, 2010, 7:49 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-04-25 07:48:00
Microsoft Windows XP Professional Service Pack 2
System drive C: has 42 GB (82%) free of 51 GB
Total RAM: 1014 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:29 AM, on 4/25/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: &Security Update - {6551001F-A07B-40B1-8F55-B44BF35A42A6} - C:\WINDOWS\system32\win32extension.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8085 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6551001F-A07B-40B1-8F55-B44BF35A42A6}]
&Security Update - C:\WINDOWS\system32\win32extension.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-19 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-03-30 138008]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-03-30 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-03-30 138008]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-23 620152]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [2007-08-24 240112]
"DMXLauncher"=C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe [2007-08-14 113136]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PersSecurity]
C:\Program Files\PersSecurity\psecurity.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-03-11 39408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-03-30 204800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Documents and Settings\All Users\Application Data\e9adfb6\CUe9ad.exe"="C:\Documents and Settings\All Users\Application Data\e9adfb6\CUe9ad.exe:*:Enabled:CleanUp Antivirus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-04-25 07:48:00 ----D---- C:\rsit
2010-04-25 07:43:29 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2010-04-25 07:43:28 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2010-04-19 10:43:43 ----A---- C:\WINDOWS\system32\javaws.exe
2010-04-19 10:43:43 ----A---- C:\WINDOWS\system32\javaw.exe
2010-04-19 10:43:43 ----A---- C:\WINDOWS\system32\java.exe
2010-04-19 10:43:43 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-04-19 10:43:27 ----D---- C:\Program Files\Java
2010-04-19 08:35:05 ----D---- C:\Program Files\Trend Micro
2010-04-19 07:46:45 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-19 07:25:24 ----D---- C:\WINDOWS\pss
2010-04-19 07:17:57 ----D---- C:\WINDOWS\system32\appmgmt

======List of files/folders modified in the last 1 months======

2010-04-25 07:48:07 ----D---- C:\WINDOWS\Prefetch
2010-04-25 07:43:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-25 07:20:08 ----D---- C:\WINDOWS\Temp
2010-04-25 07:19:58 ----D---- C:\WINDOWS
2010-04-19 10:43:57 ----SHD---- C:\WINDOWS\Installer
2010-04-19 10:43:43 ----D---- C:\WINDOWS\system32
2010-04-19 10:43:27 ----RD---- C:\Program Files
2010-04-19 09:17:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-19 08:37:27 ----HD---- C:\WINDOWS\inf
2010-04-19 08:24:20 ----D---- C:\WINDOWS\system32\drivers
2010-04-19 07:57:55 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2010-04-19 07:36:04 ----D---- C:\temp
2010-04-19 07:26:36 ----SH---- C:\boot.ini
2010-04-19 07:26:36 ----A---- C:\WINDOWS\win.ini
2010-04-19 07:26:36 ----A---- C:\WINDOWS\system.ini
2010-04-19 07:17:57 ----D---- C:\Program Files\Common Files
2010-04-19 07:14:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-19 07:13:38 ----RSHDC---- C:\WINDOWS\system32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 vcdrom;Virtual CD-ROM Device Driver; \??\C:\WINDOWS\system32\drivers\VCdRom.sys []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-03-03 56816]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2008-11-06 48128]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2008-10-11 45056]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2008-07-29 38400]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2005-05-25 158464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-03-30 5704672]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2006-01-04 1389056]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-11-17 3636864]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
S3 DrvAgent32;DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 USBWLANA;USB Wireless Network Adapter; C:\WINDOWS\system32\DRIVERS\usbwlana.sys [2001-07-13 66911]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2007-08-18 57328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-19 153376]
R2 RoxWatch10;Roxio Hard Drive Watcher 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-02 654848]
R3 RoxMediaDB10;RoxMediaDB10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-11 135664]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-11 182768]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
S4 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S4 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
S4 SessionLauncher;SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe []

-----------------EOF-----------------
bunchafool
Active Member
 
Posts: 5
Joined: April 19th, 2010, 9:45 am

Re: hosts file

Post by bunchafool » April 25th, 2010, 7:50 am

info.txt logfile of random's system information tool 1.06 2010-04-25 07:48:31

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 8 Professional - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bejeweled 2 Deluxe-->C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
Bejeweled 2-->C:\Program Files\Bejeweled 2\uninstall.exe
Bejeweled(R)-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-bejeweledr.rguninst" "AddRemove"
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DirectXInstallService-->MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MSN Toolbar-->MsiExec.exe /I{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}
RICOH R5U241 / R5C847 Media Driver ver.2.04.01.00-->"C:\Program Files\InstallShield Installation Information\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}\setup.exe" -runfromtemp -l0x0009 anything -removeonly
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio Central Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Central Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Central Core-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Central Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Central Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Roxio CinePlayer-->MsiExec.exe /I{1B683082-8791-4D00-8ADE-6C8986FCCC68}
Roxio Easy Media Creator 10 Suite-->MsiExec.exe /I{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sound Blaster ADVANCED MB Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9 /remove
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamViewer 5-->C:\Program Files\TeamViewer\Version5\uninstall.exe
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

=====HijackThis Backups=====

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2010-04-19]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701 [2010-04-19]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2010-04-19]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2010-04-19]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2010-04-19]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [2010-04-19]
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com/ [2010-04-19]
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing) [2010-04-19]
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-04-19]
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2010-04-19]
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2010-04-19]
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2010-04-19]
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-19]
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-19]
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2010-04-19]

======Hosts File======

74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
74.125.45.100 safebrowsing-cache.google.com

======System event log======

Computer Name: WINXP
Event Code: 7000
Message: The DrvAgent32 service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 166
Source Name: Service Control Manager
Time Written: 20100302183011.000000-300
Event Type: error
User:

Computer Name: WINXP
Event Code: 7000
Message: The DrvAgent32 service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 165
Source Name: Service Control Manager
Time Written: 20100302183011.000000-300
Event Type: error
User:

Computer Name: WINXP
Event Code: 7000
Message: The DrvAgent32 service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 164
Source Name: Service Control Manager
Time Written: 20100302183011.000000-300
Event Type: error
User:

Computer Name: WINXP
Event Code: 20
Message: Printer Driver Adobe PDF Converter for Windows NT x86 Version-3 was added or updated. Files:- PSCRIPT5.DLL, Ps5ui.dll, ADPDF8.PPD, Pscript.hlp, ADREGP.DLL, ADUIGP.DLL, ADGELP.INI, PSCRIPT.NTF.

Record Number: 141
Source Name: Print
Time Written: 20100302180045.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: WINXP
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 134
Source Name: W32Time
Time Written: 20100301082440.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: WINXP
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 18
Source Name: WinMgmt
Time Written: 20100227095526.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: WINXP
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 17
Source Name: WinMgmt
Time Written: 20100227095526.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: WINXP
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 13
Source Name: WinMgmt
Time Written: 20100227095234.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: WINXP
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 12
Source Name: WinMgmt
Time Written: 20100227095234.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: WINXP
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 11
Source Name: WinMgmt
Time Written: 20100227095232.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\

-----------------EOF-----------------
bunchafool
Active Member
 
Posts: 5
Joined: April 19th, 2010, 9:45 am

Re: hosts file

Post by muppy03 » April 25th, 2010, 7:42 pm

Hi, your copy of Windows will need to be validated before we can go much further. You are missing a lot of security patches because of this.

Please visit:

http://www.microsoft.com/genuine/ and click on Validate Windows. After you have validated Windows, please rerun this program and post the report:

WGA Diagnostic Tool

Please follow this WGA troubleshooting procedure:

Please post (reply) with the results.
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: hosts file

Post by NonSuch » April 29th, 2010, 12:16 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 27305
Joined: February 23rd, 2005, 7:08 am
Location: California